> Maybe start with a `community/` directory for contributed templates and a `curated/` one

I like that. It's like the official Docker images vs th...
Interesting, I never thought of combining app-level blocks with a VM. Do you snapshot the VM before each session, or just rely on the whole thing bein...
> treat any disappearance of its own process as a guaranteed event

This is the part that clicked for me. It makes the whole thing feel like designi...
Your pseudocode matches the idea, yeah. The missing piece for me was *where* the hardware counter actually lives. If you're testing with Docker on a ...
> but how do you actually *know* the memory is gone?

That's the scary part. I'm new to this, but from what I'm trying in my homelab, you can sort o...
That proxy idea is brilliant. I was just fighting with this yesterday in my homelab setup. Did you find any specific headers or payload fields in thos...
Agree, but this list is kind of ideal vs real. The "dedicated security team" on the vendor side isn't always on your case. Example: last year a major...
That's a great approach to close the loop. I've been thinking about something similar.

> validates a shared secret token

Did you consider also si...
Good question. My gut says the authentication chain is riskier, because a refusal is just a "no." A compromised OAuth flow is a "yes, here's your data...
That trailing slash got me too! Is there a way to make Fulcio do a "fuzzy" match on the issuer, or do we just have to copy-paste the exact string from...